Your OnePlus phone may be sending out some data to a third-party. Nothing is confirmed yet but a OnePlus user shared his suspicions upon seeing a ‘com.oneplus.clipboard’ trying to access a network shortly after the phone was upgraded to Oreo beta. This already includes the December 1 security update. A OnePlus forum user noted that the IP address is connected to Alibaba. As it turned out, the system app can really be found in the beta as confirmed by the company but it’s only intended for HydrogenOS or those in China.
OnePlus acknowledged the issue and already said the company will soon be updating the global OxygenOS beta to remove the said “feature”. A OnePlus rep said the data sent are saved on any server so there’s nothing to worry about. It’s a bit alarming though to know that your clipboard information is being harvested. It shouldn’t be a big problem because it’s not unusual for Chinese OnePlus users but like any security issue, we will “never settle” until an explanation or solution is given.
Interestingly, another user tried to replicate the event by installing Oreo beta on the OnePlus 3. Data was then inspected using mitmproxy. The results revealed the app was indeed trying to connect to a server but clipboard data wasn’t. It’s not a mistake as the latest HydrogenOS beta changelog mentioned something about this: Smart clipboard recognition which provide appropriate buttons to help you accelerate your next action. This feature currently supports recognition for url, address and TaoBao (e-commerce) content.
VIA: Android Police
